Good afternoon everyone,
Currently I have a pair of PIs set up as a primary and fail-over providing DHCP (isc-dhcp-server) and DNS (Bind9) for IPv4. Other PIs on the network provide other services (external domain mail, website, that sort of thing). That all works great but I want to migrate over to IPv6 and learn about it in the process. The problem I'm having is that the knowledge I'm getting on IPv6 is fragmented and, in a lot of cases contradictory.

I know my ISP provides IPv6 addresses, so that's a good start. I also know that other computers on my network are using IPv6 (specifically, a couple of windows machines). I also know how to enable IPv6 on the PI. Just about everything in my home network is wired, the only exception being phones, tablets and kindles but I'm not worried about them.

This is where my troubles start. Bind is set up to provide DNS for my home network and as a caching DNS server for internet requests. The home network DNS is configured with forward and reverse configuration files that I can marry up with my DHCP server reserved address configuration. For IPv6 though I don't set those addresses and, from what I can see, I shouldn't (they should be from my ISP), except for guides that tell me I should.

I'll want my PIs to do mail and web services, as well as providing DNS caching for external sites, but I'm stuck on how to do that. I /think/ I can stick the PIs that do mail and web services in the DNS record for my domain, but that feels to me like I'm fully exposing them to the internet at large rather than firewalling them at the router which then risks exposing my home network (again, I could be wrong about this).

What guides are recommended or have I completely confused what I'm trying to do?

That's great, but if I'm going to be getting IPv6 addresses then I'm going to want to be in control of them so I can set the reservations and update my Bind9 configuration with them. For IPv4 I can do that with ids-dchp-server (which I believe can be an IPv6 DHCP server too) but what address range do I use (the equivalent of 192.168.x.x or 10.x.x.x for IPv6 or something else)? Then comes the question on NAT which I understand isn't used for IPv6; I guess if I go with the ISP / router assigned IPv6 address then it will be contactable and I can stick a firewall on it, but then we're back into to the issue of my not having control over the reservation.

My IPv6 is a 6to4 tunnel (as Plusnet don't do native IPv6, unlike BT & Sky who do).
I use my globally unique 6to4 address which is a /64 prefix. 6to4 is quite interesting as it's 2002:ipip:ipip:nnnn where ipip:ipip is your 32-bit IPv4 address in hex and nnnn is a randomly assigned 16-bit subnet.

I'm running a local bind9 server which dishes out A and AAAA addresses. You can ALWAYS use FD00:aaaa:aaaa:aaaa::/64 where aaaa:aaaa:aaaa is a random 48-bit number even if you don't have a globally unique public prefix. The FD00::/16 block is like the 192.168.xxx.xxx block without the level of pain that the FE00::/16 block carries with it (FE00::/16 addresses need to be targetted to a specific interface).

BTW, folks from Basingstoke, Winchester, Andover and So'ton Pi Interest Group (SWABPiIG) meet in the Roebuck PH, Stockbridge Lane, Winchester on the second Wednesday each month. I'm planning to be there on Wed 13th June @ 20:00.

Okay, I think I get it now. I'll have a play with ISC-DHCP-SERVER on another box and see what I can create.

I've noticed that the sky route does have an IPv6 firewall, so that's a start. It's also got an IPv6 DHCP server which I'll have to disable first.

Looks like sky addresses start 2a02:c7f: on either a /64 or /56 block. All my network devices have picked up one of those addresses, along with the fe80: local link address. The other address they pick up are fd8a: ones, which I guess are from the Sky router's DHCP server.